Data breaches are a threat to consumer confidence, and a wake-up call for businesses, policymakers.

When asked why he robbed banks, slick Willie Sutton is said to have remarked, "Because that's where the money is." For today's cybercriminals, the Internet is where the money is — full to the brim with consumers' valuable data. By 2020, annual global data production is expected to hit 35 zettabytes (or 35 trillion gigabytes). From hacked payment card information to Social Security numbers, email addresses, and account passwords, much of this data trove is both sensitive and easily monetized by cybercrooks.

Indeed, this year the market for so-called "big data" is expected to reach $16.1 billion, according to the International Data Corporation. Unfortunately, the personal information that is fueling this growth is often secured with the equivalent of duct tape and bubble gum. Consumers are expected to deposit the digital equivalent of our life savings into a bank where the vault is left wide open. Just Tuesday it was reported that a Russian crime ring has amassed "1.2 billion username and password combinations and more than 500 million email addresses."

Indeed, our nation's lax data security practices have led to a criminal bonanza with disastrous consequences for consumers and businesses alike. In 2013, researchers at Verizon reported more than 1,300 data breaches globally. According to the non-profit Privacy Rights Clearinghouse, more than 257 million records were compromised last year alone.

Identity fraud, often fueled by information compromised in data breaches, has topped the list of consumer complaints to the Federal Trade Commission for 14 straight years. According to the security firm Norton, the total annual cost of cybercrime in the U.S. was $38 billion in 2013. On average, a victim of cybercrime can expect the incident to cost her $633. Thieves selling stolen cards from the 2013 Target breach alone were expected to net $53.7 million in illicit profits.

Consumers have had enough and they are calling for reform. A Javelin Strategy & Research poll found that 70% of fraud victims want the federal government to ensure that businesses meet basic data security standards. And 64% of victims believe that they should have the right to hold companies legally accountable when their information is compromised.

Businesses should be especially concerned. A recent study by IBM and the Ponemon Institute estimated the average cost to companies of a data breach in the United States at $5.85 million per incident. In addition to the monetary costs, when a breach occurs, a company's reputation is seriously harmed. Javelin found that following a data breach at a retailer, 59% of fraud victims involved say their trust in that business decreased. Another poll found that 12% of a breached retailer's loyal shoppers stop shopping there and 36% shop there less frequently. At Target, the data breach fallout took a bite out of quarterly profits and cost its CEO his job. For a small business, such a loss in customer trust could easily force it to close completely.

To confront this growing threat, the National Consumers League has launched the #DataInsecurity Project, bringing together consumer advocates, businesses leaders and public officials to raise awareness and push for action on consumer data security.

While there is no silver bullet to the problem of data insecurity, more can and should be done to secure consumers' sensitive information. The passage of a national data breach notification bill, modeled on California's strong law, would be a good start. Requiring mandatory data security standards for businesses that collect consumer data would be another pro-consumer step. Strengthening the authority of regulators like the FTC and increasing penalties for criminal hacking are also necessary in order to ensure a more secure data infrastructure.

Unfortunately, legislation that would accomplish many of these goals has been mired in Congress for years. Recent major breaches at companies like Target, Michael's, and eBay, should serve as a wake-up call to Washington that inaction on this issue will lead to increasing harm to consumers and the economy. The time for data security reform is now.

John Breyault is the vice president of public policy, telecommunications and fraud at the National Consumers League in Washington, D.C. NCL is a 115-year-old consumer watchdog organization, and it recently launched its national #DataInsecurity Project at nclnet.org.